After noticing some weird things with my PC lately, I am scared that I got a trojan or even a keylogger.

Some things:
When I do "Shift + 6", instead of getting one ^ I get two ^^.

When I go to Task Manager I see a very weird process running:
It says 38z78FF.exe *32 at the moment, and the description behind it says systray .exe stub. When I restart my PC, the name of this process is different the next day!

Edit: I just shut it down and now it came back as 38z76C9.exe *32, same description.

So I googled this; when I search for the .exe I find nothing, but when I searched for "systray .exe stub" I found a German forum where a guy had the same problem. I can't understand it all, but it says he is also scared it is a keylogger, and he has the SAME problem with the sign ^^
(Source: http://www.trojaner-board.de/99206-s...keylogger.html)

I also scanned my whole PC with McAfee Enterprise 8.8 and it had 0 detections.....

Am I doomed and do I need to reinstall my Windows 7, or is this just a normal thing.... =-[

Error - 31-5-2011 11:12:44 | Computer Name = PingusMachine | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{1707C13D-E768-4DE8-A228-0D83F95B6099}
because another computer on the network has the same name. The server could not
start.

I don't even know how long I have been infected really...... also changing passwords wouldn't make sense atm.. or I would need to change them on another PC.

Spent the last few hours copying important files to my MyBook.

Is there anything I need to think about when I put the Windows 7 CD back into my PC and reboot and reinstall Windows? E.g. formatting EVERYTHING?

---

Also, I really wonder how I got this. I always had the newest virus scanner with updates etc. (one of the best advantages of going to uni :P, free licensed software!), always updated everything and never clicked things I did not trust.......... pffffft
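A read-only triage step for the symptom in the opening post, as an added example that is not from this thread or from any of the tools named in it: it lists running processes whose file description matches the "systray .exe stub" string the OP saw in Task Manager, and shows where each one runs from and whether its image carries a valid Authenticode signature. The description string comes from the post; everything else (function name, output fields) is an assumption of this example.

```powershell
# Added example (not from the thread). Lists processes whose file description
# matches the one seen in Task Manager, with image path and signature status.
# Read-only: it terminates nothing and changes nothing.
$suspectDescription = 'systray .exe stub'   # string quoted in the opening post

function Get-SuspectProcess {
    param([string]$Description = $suspectDescription)

    # Description/Path are script properties PowerShell adds to Process objects;
    # they come back empty for processes we are not allowed to inspect.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Description -eq $Description } |
        ForEach-Object {
            $path = $_.Path
            $sig = 'unknown (no path)'
            if ($path) {
                $sig = (Get-AuthenticodeSignature -FilePath $path).Status
            }
            # New-Object PSObject keeps this working on the PowerShell 2.0 that
            # shipped with Windows 7.
            New-Object PSObject -Property @{
                Name      = $_.ProcessName
                Id        = $_.Id
                Path      = $path
                Signature = $sig
                Company   = $_.Company
            }
        }
}

# Run from an elevated prompt so 32-bit (*32) processes can be inspected too.
Get-SuspectProcess | Format-List Name, Id, Path, Signature, Company
```

An unsigned image with a random-looking name under the user profile is what a helper will want to see in the next reply, alongside the OTL or aswMBR logs requested later in the thread.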

Don't really weigh on how long you've had the keylogger; weigh it based on the importance of the information stored on the accounts that the passwords are protecting. For example, change passwords on anything related to banking even if you can't remember if you've logged in to that account with that computer. Make sense? And yes, change those passwords on another computer or on the machine after you start fresh.

I'm not going to supply a rant on "why your anti-virus/anti-malware/whatever software didn't save you"; just know that most bad software these days targets circumvention of those types of software. Windows 7 is a lot better out-of-the-box with regards to default security, but maybe look into (see stickied post) running as a standard user all the time and only using admin accounts for installing/changing system-level items. Yes, it is very painful, but so is starting from scratch.

But running programs like HEM and Tableninja always needs admin? Isn't that a big hassle?

If you right-click on any application's shortcut and go to Properties, click Advanced on the Shortcut tab. Here you can specify that program to exert admin privileges when it starts. If something runs as a service rather than an application, that is even easier to overcome.

McAfee, Symantec, AVG all claim that they are selling security suite software for PCs. They are merely illusions of security. Think of them as deadbolt locks. Someone with the proper knowledge will know how to circumvent it.

Personally, I feel more vulnerable by having one of the "big three" security suites. Personally, I'd recommend Microsoft's Security Essentials pack or ClamAV/ClamWin to any non-corporate PC user.

Moral of the story: If you have high value for the content that you store on your computer, you probably need to add more layers of security.

You don't need to format yet, and I would avoid using passwords rather than change them all, until it is fixed. The extent of my fixing knowledge is running Malwarebytes, but there are a few experts on this stuff around.

OP, don't reformat yet. Just wait for Gabe or someone with similar experience to read your thread. He'll be able to help.

In the meantime, though, don't use that machine for anything sensitive (particularly email, poker and banking). Use a different machine to change passwords on your most important accounts.

One thing he'll make sure you do is update Java - yours is out of date. Outdated environments and plugins are a potential vector of infection. Same goes for Adobe products. When your machine has been cleaned up, you might want to download something like Secunia PSI - it will tell you when software is out of date and help you find updates.

There are several good free antivirus packages out there. I use Avira; Microsoft Security Essentials is (perhaps surprisingly) another good choice.

Can you also have both Microsoft Security Essentials and McAfee? I don't think so, right?

And how would I know if that program is gone and my PC is really clean? I'm already leaning towards formatting my PC a lot... since in every source I found about this problem, the OP formatted his PC in the end...

I really don't like the feeling of not being sure if you have a virus or not, but this is clearly one. And indeed maybe I should wait for someone with more knowledge, but if I'm going to make a clean start I'd better do it ASAP lol

------I ran OTL with the quote you stated and clicked Run Fix. It asked for a reboot, which went smoothly. I just checked the taskbar and the weird .exe file with the stated description is already gone? You are quite amazing sir, thanks, nice hand------

Looks like it's fixed, thanks a lot man. If you google "systray .exe stub" people should find this thread instead of those other (German) forums; they all got pretty bad advice compared to here and they all reinstalled their PC in the end it looks like, while the fix is quick if you KNOW what to do (Gabe's stuff...). I don't know how hard it is to know what you have to do though ....

I saw a suspicious autorun.inf. It could be a worm spreading via infected USB drives.
I suggest you immunize all your USB drives, including those in digital cameras, mp3/mp4 players and mobile phones.

====================

Please download Flash_Disinfector by sUBs from here and save it to your desktop.

Double-click Flash_Disinfector.exe to run the tool

When requested, insert the USB flash disk(s) you want to immunize/disinfect

Hold down the Shift key when inserting the drive(s) until Windows detects the drive

Click OK to start the disinfection process

Repeat running Flash_Disinfector.exe for every flash drive you wish to immunize.

Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that you choose to disinfect. Do not delete that folder!

====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.

Go to Start > Control Panel

Double-click on Add or Remove Programs

Look for entries that say Java, Java RunTime Environment or J2SE.

Uninstall all of them that are not named Java (TM) 6 Update 25

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 25).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

Double click aswMBR.exe to run the tool

Click the Scan button to start the scan

Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms

Once the scan finishes click Save log to save the log to your desktop

Copy and paste the contents of this log (aswMBR.txt) into your next reply.
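A check that complements the Flash_Disinfector steps above, as an added example that is not from this thread or from sUBs' tool: for every removable drive it reports whether autorun.inf is present as a file (what an autorun worm drops), as a folder (what Flash_Disinfector leaves behind so the file cannot be created), or not at all. The function name, the output fields and the choice of which [autorun] directives to preview are assumptions of this example; nothing on the drive is modified.

```powershell
# Added example (not from the thread). Reports the autorun.inf state of every
# removable drive. Read-only: it never deletes, renames or executes anything.
function Get-AutorunStatus {
    # Win32_LogicalDisk DriveType 2 = removable media (USB sticks, card readers)
    $drives = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 2'
    foreach ($d in $drives) {
        $target = Join-Path $d.DeviceID 'autorun.inf'          # e.g. E:\autorun.inf
        # -Force so a hidden/system entry (the usual case for both worm files
        # and the immunization folder) is still returned
        $item = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue

        if (-not $item) { $status = 'absent' }
        elseif ($item.PSIsContainer) { $status = 'immunized (folder present)' }
        else { $status = 'SUSPICIOUS (file present)' }

        # For a file hit, show only the directives that would launch something,
        # so a helper can see what the worm intended without anyone running it.
        $launches = $null
        if ($item -and -not $item.PSIsContainer) {
            $lines = Get-Content -LiteralPath $target -ErrorAction SilentlyContinue
            $launches = ($lines | Where-Object {
                $_ -match '^\s*(open|shellexecute|shell\\[^=]*\\command)\s*='
            }) -join '; '
        }

        New-Object PSObject -Property @{
            Drive    = $d.DeviceID
            Label    = $d.VolumeName
            Status   = $status
            Launches = $launches
        }
    }
}

# Hold Shift while inserting the stick (as the steps above say) so AutoPlay
# does not act on the drive before you have looked at it.
Get-AutorunStatus | Format-Table Drive, Label, Status, Launches -AutoSize
```

A 'SUSPICIOUS (file present)' row is what to paste into the next reply along with the requested logs; the immunization folder is expected and should be left in place, as the note above says.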

Does that mean I also got the virus from some kind of USB device? The only USB devices I use are storage devices or my phone...

Can you also see from those logs or info what the virus did? I still need to change all my passwords, right? BTW, after reading all the stickies in here I'm still thinking of reinstalling my PC lol, even after fixing the problem.

With all due respect, if someone had planted an unidentified virus or keylogger on your computer without you knowing it, you would feel comfortable running Malwarebytes and calling it a day? Maybe they hold you to high regard in this forum, but I think you'd probably be better saving your talents for the Geek Squad.

Quote:

Originally Posted by Pokerpingu

Does that mean I also got the virus from some kind of USB device? The only USB devices I use are storage devices or my phone...

As Gabe said, the presence of a sketchy looking autorun.inf suggests that at some point you were compromised by a worm of that type. There are plenty around. However, I think that was only his initial reaction to your question. I'm fairly sure it wasn't a definitive "this is what you had and there was nothing else".

Quote:

Originally Posted by Pokerpingu

Can you also see from those logs or info what the virus did? I still need to change all my passwords, right? BTW, after reading all the stickies in here I'm still thinking of reinstalling my PC lol, even after fixing the problem.

Thanks Gabe. I appreciate it a lot =]

I don't think any of your logs are going to tell you any of the information you have in mind (e.g. whether any information was stolen, etc). Carry on following Gabe's instructions; once your computer is clean and everything's updated then change your passwords if you've not already done so from a known clean machine.

Quote:

Originally Posted by Alphabits

With all due respect, if someone had planted an unidentified virus or keylogger on your computer without you knowing it, you would feel comfortable running Malwarebytes and calling it a day? Maybe they hold you to high regard in this forum, but I think you'd probably be better saving your talents for the Geek Squad.

lol @ Geek Squad reference

Also, how often does someone "plant" a virus on your machine that you do know about? This is silly. Also also also also, OP isn't just running MBAM. There's a reason that Gabe is taking him through a number of different steps.

You must make a lot of money to be able to afford all those tin foil hats.

Also, how often does someone "plant" a virus on your machine that you do know about? This is silly. Also also also also, OP isn't just running MBAM. There's a reason that Gabe is taking him through a number of different steps.

That is pretty silly. I wasn't trying to imply there would be a time you would know about it, rather that you don't know how it got there, how long it has been there and what information it may have gathered.

The behavior that OP was describing made it seem like this was more than ad-ware or just a nuisance.

I don't think I was giving bad (free) information, but maybe I was missing the purpose of this forum, which is for Gabe, the "Geek Squad Employee of the Year," to have a place to share his skills when he isn't out racing around in his black and white VW bug wearing his skinny tie and cop badge.

Quote:

Originally Posted by thunderbolts

You must make a lot of money to be able to afford all those tin foil hats.

With all due respect, if someone had planted an unidentified virus or keylogger on your computer without you knowing it, you would feel comfortable running Malwarebytes and calling it a day? Maybe they hold you to high regard in this forum, but I think you'd probably be better saving your talents for the Geek Squad.

I can be found at GeekPolice.net.
Feel free to join and run through GeekPolice Academy to learn what I did. It will take about 9-12 months, and you will give better advice than blurting "OMG REFORMAT"

Hello there, sorry for necroposting, but after googling it, it seems to me that this is still the only good thread about this thing that is not in German. Which is strange. Anyway, I'm having the same problem and after reading the thread I don't understand what exactly I'm supposed to do with OTL to begin with. If someone posted step-by-step instructions it would be very appreciated. Thank you in advance.